Researchers work to harden cyber infrastructure from WMD

By Kathleen Hickey

Aug 27, 2014

The Defense Threat Reduction Agency (DTRA) is funding a project by the University of New Mexico (UNM) to conduct field tests into recovery solutions for cyber-infrastructure attacks under realistic, real world conditions, including the threat of weapons of mass destruction.

Nasir Ghani, Associate Chair of the Electrical and Computer Engineering Department and Majeed Hayat, Associate Director of the UNM Center for High Technology Materials, received the 2-year award for a project titled, "Implementation Paradigms for Survivability of Cyber-Infrastructure Backbone Networks Against WMD Attacks Over Real Network Environments."

The testing is based on prior research done by UNM funded under an earlier DTRA Basic Research award. The contract covers research into the design/evaluation of robust counter-WMD solutions “to implement novel survivability algorithms and validate their effectiveness in "live" distributed backbone networks under emulated WMD stressors,” the FedBizOpps announcement said.

“Modern backbone cyber-infrastructures are comprised of multiple technology domains/layers and support scalable connectivity across large distances,” a UNM article explained. “However, most existing recovery schemes focus only on single or limited dual node/link failures.” The focus of this new research is to conduct field trials of new recovery paradigms and validate and harden their performance in realistic settings.

Multiple network failures, such as might occur during a natural disaster or WMD attack, would be a catastrophic event and jeopardize national security and the economy.

The first part of this effort focused on implementing detailed algorithms inside distributed networking protocol stacks. The latest research will focus on designing and running detailed test-case scenarios to validate these schemes for a wide range of disaster conditions over live network infrastructures.

As part of this effort, the UNM team will also partner with Tom Lehman and Xi Yang at the Mid-Atlantic Cross-Roads Gigabit Point-of-Presence facility (MAX) at the University of Maryland College Park. The MAX networking facility hosts and has access to a wide range of research cyber-infrastructures for detailed testing and evaluation purposes.

Cyber-infrastructure security has been identified as a top priority by the White House for years and has drawn the interest of Congress as well. Late last month the House passed three bills to address cybersecurity and critical infrastructure: H.R. 3696, the National Cybersecurity and Critical Infrastructure Protection Act; H.R. 2952, the Critical Infrastructure Research and Development Advancement Act; and H.R. 3107, the Homeland Security Cybersecurity Boots-on-the-Ground Act.

“A successful cyberattack on our nation’s water systems, oil and gas pipelines, power grids and mass transit systems on the scale of the recent retail breaches could cause crippling economic damage and could even cost lives. The reality of the threat is outpacing our readiness to combat it,” said House Homeland Security Committee Chairman Michael McCaul (R-Texas).

“The cyber risk is among the most serious our nation faces today. Terrorist groups like Hamas, nation-states like Iran, China and Russia and criminal gangs across the world are constantly attempting to breach our systems. But existing laws that have been on the books for years are not designed to cope with the threat,” added subcommittee chairman Patrick Meehan (R-Pa.).

Cyberthreats are becoming not only more dangerous, they are falling into the hands of more people, said former White House security advisor Tom Donilon, speaking at FOSE in May. Protecting critical infrastructure is the joint responsibility of the public and private sectors, he added.

A survey by Unisys Corp. and Ponemon Institute released in July found critical infrastructure providers in the utility, oil and gas, energy and manufacturing sectors unprepared for both internal and external threats, with nearly 70 percent of survey respondents experiencing breaches in the past year.

Sixty-four percent of the 599 security executives surveyed expect one or more serious attacks in the coming year, yet only 28 percent ranked security as a top five strategic priority for their organization.

A visual representation of the scale of cyberattacks can be found on Kapersky Lab’s site, which has a real-time global cyberthreat map based on its data.